Daily summary - 05.08.2020

End-of-Day report

Timeframe: Tuesday 04-08-2020 18:00 - Wednesday 05-08-2020 18:00 Handler: Dimitri Robl Co-Handler: Thomas Pribitzer

News

MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle

Posted by Mateusz Jurczyk, Project Zero. This post is the fourth of a multi-part series capturing my journey from discovering a vulnerable little-known Samsung image codec, to completing a remote zero-click MMS attack that worked on the latest Samsung flagship devices.

https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html


Guidelines against security vulnerabilities in legacy programming languages published

The Politecnico di Milano and Trend Micro have produced a guide to developing with legacy programming languages for operational technology in industry.

https://heise.de/-4863229


Sophos: WastedLocker ransomware tricks security applications

The operators evidently have very good knowledge of Windows internals. They use it to encrypt files in the Windows cache rather than directly on disk, thereby thwarting behaviour-based analysis of their malware.

https://www.zdnet.de/88382004/sophos-ransomware-wastedlocker-trickst-sicherheitsanwendungen-aus/


Dubious offers advertise with ORF celebrities

Celebrities are repeatedly used to promote dubious offers. Currently, images of ORF stars and imitation news logos in particular are being used to lure people into the trap. The fake advertisements are shown to you while playing games on your phone and are meant to get you to download slot-machine apps.

https://www.watchlist-internet.at/news/unserioese-angebote-werben-mit-orf-promis/

Vulnerabilities

Hackers can abuse Microsoft Teams updater to install malware

Microsoft Teams can still double as a Living off the Land binary (LoLBin) and help attackers retrieve and execute malware from a remote location.

https://www.bleepingcomputer.com/news/security/hackers-can-abuse-microsoft-teams-updater-to-install-malware/


The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks

On June 26, 2020, our Threat Intelligence team discovered a vulnerability in The Official Facebook Chat Plugin, a WordPress plugin installed on over 80,000 sites.

https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/


Security updates for Wednesday

Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).

https://lwn.net/Articles/828114/


BlackBerry Powered by Android Security Bulletin - July 2020

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000065044


GRUB2 Arbitrary Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-grub2-code-exec-xLePCAPY


Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-fc-en


Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-fusioncompute-en


Security Advisory - Denial of Service Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-smartphone-en


Security Advisory - Protection Mechanism Failure Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-failure-en


Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-windows-en


Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows SMBv1

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200805-01-smb-en


Security Bulletin: jackson-databind (Publicly disclosed vulnerability) found in Network Performance Insight (CVE-2019-14892, CVE-2019-14893)

https://www.ibm.com/blogs/psirt/security-bulletin-jackson-databind-publicly-disclosed-vulnerability-found-in-network-performance-insight-cve-2019-14892-cve-2019-14893/


Security Bulletin: CVE-2014-3577 HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2014-3577-httpcomponents-httpclient-before-4-3-5-and-httpasyncclient-before-4-0-2-does-not-properly-verify-that-the-server-hostname-matches-a-domain-name/


Security Bulletin: CVE-2020-4481 HTTP properties vulnerable to an XXE attack

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4481-http-properties-vulnerable-to-an-xxe-attack/


Security Bulletin: vulnerabilities in IBM® Runtime Environment Java- Version 8 affect IBM WIoTP MessageGateway (CVE-2020-2805, CVE-2020-2803, CVE-2020-2781, CVE-2020-2755, CVE-2020-2754)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-in-ibm-runtime-environment-java-version-8-affect-ibm-wiotp-messagegateway-cve-2020-2805-cve-2020-2803-cve-2020-2781-cve-2020-2755-cve-2020-2754-2/


Security Bulletin: CVE-2009-2625 CVE-2012-0881 CVE-2013-4002 CVE-2014-0107 Multiple Xml handling Issues in xerces and xalan

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2009-2625-cve-2012-0881-cve-2013-4002-cve-2014-0107-multiple-xml-handling-issues-in-xerces-and-xalan/


Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-pak-for-integration-is-vulnerable-to-node-js-http-proxy-module-denial-of-service/


Security Bulletin: CVE-2019-2949 may affect IBM® SDK, Java- Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-2949-may-affect-ibm-sdk-java-technology-edition-2/


Security Bulletin: CVE-2015-5254 Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2015-5254-apache-activemq-5-x-before-5-13-0-does-not-restrict-the-classes-that-can-be-serialized-in-the-broker/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11.

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-4/


Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-4243)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4243/


IBM Spectrum Protect: vulnerability allows disclosure of information

http://www.cert-bund.de/advisoryshort/CB-K20-0785